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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Please amend the claims as follows: 

1. (Currently Amended) A method to be executed by a processor within a 
network having a client, comprising: 

intercepting a connection request within the network, wherein the connection request 
is initiated from the client to establish a communication conduit between a- the client and a 
se rve r in order to access a specific service on the server : 

identifying the communication conduit corresponding to the client, the server, and the 
specific service; 

identifying one or more usage conditions associated with the communication conduit, 
wherein the one or more usage conditions are defined to permit conditional use of the 
communication conduit by the client; and 

determining whether the one or more usage conditions permit the connection request 
to be sent to the server, aro mot, whoroin if at least ono of tho conditions is not mot, then the 
connection request is not sent to tho sorvor , and wherein one of the one or more usage 
conditions that would permit the connection request to be sent includes inc l ude a persistent 
usage condition in which a c l ient to sorvor the communication conduit was previously 
authorized and a designated time interval for the persistent usage condition has not lapsed. 

2. (Previously Presented) The method of Claim 1, further comprising the step of 
forwarding the connection request to the server over the communication conduit when the one 
or more usage conditions are met. 
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3. (Currently Amended) The method of Claim 2, wherein the dotormining stop 
comprises identifying the communication conduit comprises identifying a first network 
address of the server, a second network address of the client^ a«d a port number of the 
communication conduit , and the specific service associated with the port number . 

4. (Previously Presented) The method of Claim 3, further comprising the step of 
sending a plurality of DHCP reply messages for binding a first address of a first host to a second 
address of a second host, the plurality of DHCP reply messages sent to a third host, the server 
residing on the first host, and the client residing on the third host. 

5. (Previously Presented) The method of Claim 2, wherein the determining step 
comprises (a) obtaining a confirmation from a human, and (b) determining whether the 
communication conduit was used by the client prior to the client's sending the connection 
request. 

6. (Original) The method of Claim 2, wherein the determining step comprises 
obtaining a confirmation from a human, wherein the human (a) is associated with the client or 
(b) has administrative privilege. 

7. (Previously Presented) The method of Claim 2, wherein the determining step 
comprises (a) determining whether the client used the communication conduit at any time 
prior to the client's sending the connection request, (b) determining whether the client used 
the communication conduit within a specific time-window prior to the client's sending the 
connection request, or (c) determining whether the client used the communication conduit 
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within a pre-determined context prior to the client's sending the connection request, wherein 
the pre-determined context comprises a TCP connection or a session. 

8. (Original) The method of Claim 2, wherein the determining step comprises 
determining whether a configuration of the client comprises one or more pre-determined data. 



comprises determining whether a repository comprises one or more authorization data 
pertinent to the connection request. 

10. (Original) The method of Claim 2, wherein the determining step comprises 
authorizing temporary usage of the communication conduit, wherein the temporary usage 
expires unless administrative approval is obtained (a) within a pre-determined time-window, 
(b) before the client sends a pre-determined number of messages, or (c) before the client uses 
a pre-determined number of distinct contexts, wherein a context comprises a TCP connection 
or a session. 

11. (Previously Presented) The method of Claim 2, wherein the determining step 
comprises determining whether the connection request is sent within a pre-determined time- 
window. 

12. (Original) The method of Claim 11, wherein the pre-determined time-window 
comprises one or more weekday peak usage hours. 



9. 



(Previously Presented) The method of Claim 2, wherein the determining step 



13. (Previously Presented) The method of Claim 1, further comprising the step of 
discarding the connection request when the one or more usage conditions are not met. 
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14. (Currently Amended) The method of Claim 13, wherein the dotormining stop 
comprises identifying the communication conduit comprises identifying a first network 
address of the client, a second network address of the server^ a«4 a port number of the 
communication conduit , and the specific service associated with the port number . 

15. (Original) The method of Claim 1, further comprising the step of logging a result 
of the determining step. 

16. (Original) The method of Claim 1, further comprising the step of notifying a 
system-administrator of a result of the determining step. 
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17. (Currently Amended) A method to be executed by a processor within a 
network having a client, comprising: 

intercepting a service-initiation request within the network, wherein the service- 
initiation request is initiated from the client to estab l ish a communication conduit botwoon a 
c l iont and a sorvor in order to access a specific service on a server ; 

identifying a request-type corresponding to the service-initiation request and the 
specific service; 

identifying one or more service conditions associated with the request-type, wherein 
the one or more service conditions are defined to permit conditional use of the request-type 
by the client; and 

determining whether the one or more usage service conditions permit the service- 
initiation request to be sent to the server arc mot, whoroin if at l east one of tho conditions is 
not mot, then the request is not sent to the sorvor , and wherein one of the one or more service 
conditions that would permit the service-initiation request to be sent include a persistent 
usage condition in which a c l iont to sorvor condu i t the request-type was previously authorized 
and a designated time interval for the persistent usage condition has not lapsed 

conditiona ll y sending, basod on tho ono or moro sorvico conditions, tho sorvico 
initiation roquost from a c l iont to a sorvor ovor a notwork . 

18. (Previously Presented) The method of Claim 17, further comprising the step of 
forwarding the service-initiation request to the server over the network when the one or more 
service-conditions are met. 



19. (Original) The method of Claim 18, wherein the determining step comprises 
identifying a first network address of the server and a second network address of the client. 
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20. (Original) The method of Claim 19, further comprising the step of sending a 
plurality of DHCP reply messages for binding a first address of a first host to a second address of 
a second host, the plurality of DHCP reply messages sent to a third host, the server residing on 
the first host, and the client residing on the third host. 

21. (Previously Presented) The method of Claim 18, wherein the determining step 
comprises (a) obtaining a confirmation from a human or (b) determining whether the client 
sent the service-initiation request within an authorized time window. 

22. (Cancelled) 

23. (Previously Presented) The method of Claim 18, wherein the determining step 
comprises determining whether a second service-initiation request of a same request-type as 
the service-initiation request (a) was forwarded to the server at any time prior to the client's 
sending the service-initiation request (b) was forwarded to the server within a pre-determined 
time-window prior to the client's sending the service-initiation request, or (c) was forwarded to 
the server within a specific context, wherein a context comprises a TCP connection or a session. 

24. (Currently Amended) The method of Claim 18, wherein the determining step 
comprises determining whether a second service-initiation request of the one or more pre- 
determined request-types (a) was forwarded to the server at any time prior to the client's 
sending the service-initiation request, (b) was forwarded to the server within a pre-determined 
time-window prior to the client's sending the service-initiation request, or (c) was forwarded to 
the server within a specific context, wherein a context comprises a TCP connection or a session. 
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25. (Currently Amended) The method of Claim 17, further comprising the stop of 
discarding the service-initiation request when the one or more usage service conditions are not 
met. 

26. (Previously Presented) The method of Claim 25, wherein the determining step 
comprises identifying a first network address of the client and a second network address of the 
server. 

27. (Original) The method of Claim 17, further comprising the step of logging a 
result of the determining step. 



28. (Original) The method of Claim 17, further comprising the step of notifying a 
system-administrator of a result of the determining step. 
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29. (Currently Amended) A system within a network having a client for the 
containment of network communication , comprising: 

a communication proxy for intercepting a connection request within the network, 
wherein the connection request is initiated from a the client to establish a communication 
conduit between the client and a server in order to access a specific service on the server. 
over a communication conduit; 

wherein the communication proxy comprises one or more processors is programmed to 
execute one or more sequences of instructions, including: 

identifying the communication conduit corresponding to the client, the server, 
and the specific service: 

identifying one or more usage conditions associated with the communication 
conduit, wherein the one or more usage conditions are defined to permit conditional use of 
the communication conduit by the client: 

determining dotormino whether the one or more usage conditions permit the 
connection request to be sent to the server, arc mot, and wherein if at l east one of the 
conditions is not mot, then the connection request is not sent to the server , and wherein one of 
the one or more usage conditions that would permit the connection request to be sent 
includes inc l ude a persistent usage condition in which a c l ient to server the communication 
conduit was previously authorized and a designated time interval for the persistent usage 
condition has not lapsed. 

30. (Currently Amended) The method system of Claim 29, wherein the one or more 
sequences of instructions executed by the one or more processors of the communication 
proxy further include (a) obtains obtaining a confirmation from a human, and (b) determines 
determining whether the communication conduit was used by the client prior to the client 
sending the connection request. 
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31. (Currently Amended) The system of Claim 29, wherein the one or more 
sequences of instructions executed by the one or more processors of the communication 
proxy further include identifying identifies a first network address of the server, a second 
network address of the client^ €h«d a port number of the communication conduit , and the 
specific service associated with the port number . 

32. (Currently Amended) The method system of Claim 31, wherein the one or more 
sequences of instructions executed bv the one or more processors of the communication 
proxy further include comprising the stop of sending a plurality of DHCP reply messages for 
binding a first address of a first host to a second address of a second host, the plurality of DHCP 
reply messages sent to a third host, the server residing on the first host, and the client residing 
on the third host. 

33. (Previously Presented) The system of Claim 31, wherein the communication 
proxy resides in a network element, the network element in a communication path between 
the client and the server. 

34. (Original) The system of Claim 31, wherein the communication proxy and the 
client reside on the same host. 

35. (Original) The system of Claim 31, wherein the communication proxy and the 
server reside on the same host. 
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36. (Currently Amended) A system within a network having a client for the 
containment of network communication , comprising: 

a service-proxy for intercepting a service-initiation request within the network, wherein 
the service-initiation request is initiated from a the client in order to access a specific service 
on to a server^ over a network; 

wherein the service-proxy comprises one or more processors 4S- configured to execute 
one or more sequences of instructions, including: 

identifying a request-type corresponding to the service-initiation request and 
the specific service: 

identifying one or more service-conditions associated with the request-type, 
wherein the one or more service-conditions are defined to permit conditional use of the 
request-type bv the client: 

determining determine ! whether the one or more service-conditions permit the 
service-initiation request to be sent to the server are mot, and whoroin if at l east one of the 
conditions is not mot, then the request is not sent to the server , and wherein one of the one or 
more service- conditions that would permit the service-initiation request to be sent include a 
persistent usage condition in which a c l ient to sorvor conduit the request-type was previously 
authorized and a designated time interval for the persistent usage condition has not lapsed. 

37. (Currently Amended) The system of Claim 36, wherein the one or more 
sequences of instructions executed bv the one or more processors of the service-proxy further 
include (a) obtains obtaining a confirmation of the one or more service-conditions being met 
from a human or (b) is programmed to determine determining whether the client set the 
service-initiation request within an authorized time-window. 
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38. (Currently Amended) The system of Claim 36, wherein the one or more 
sequences of instructions executed by the one or more processors of the service-proxy further 
include identifying identifies a first network address of the server and a second network 
address of the client. 

39. (Currently Amended) The method system of Claim 38, wherein the one or more 
sequences of instructions executed bv the one or more processors further include comprising 
the stop of sending a plurality of DHCP reply messages for binding a first address of a first host 
to a second address of a second host, the plurality of DHCP reply messages sent to a third host, 
the server residing on the first host, and the client residing on the third host. 

40. (Previously Presented) The system of Claim 38, wherein the service-proxy 
resides in a network element, the network element in a communication path between the 
client and the server. 

41. (Original) The system of Claim 38, wherein the service-proxy and the client 
reside on the same host. 

42. (Original) The system of Claim 38, wherein the service-proxy and the server 
reside on the same host. 



43. (Cancelled) 



